+ Responder ao Tópico



  1. #21
    Oct 11 09:17:30 servidor sshd[4720]: Did not receive identification string from 80.53.84.18
    Oct 11 09:34:18 servidor sshd[4723]: Failed password for nobody from 80.53.84.18 port 26334 ssh2
    Oct 11 09:34:21 servidor sshd[4725]: Illegal user patrick from 80.53.84.18
    Oct 11 09:34:24 servidor sshd[4727]: Illegal user patrick from 80.53.84.18
    Oct 11 09:34:26 servidor sshd[4729]: Failed password for root from 80.53.84.18 port 26450 ssh2
    Oct 11 09:34:29 servidor sshd[4731]: Failed password for root from 80.53.84.18 port 26479 ssh2
    Oct 11 09:34:32 servidor sshd[4733]: Failed password for root from 80.53.84.18 port 26524 ssh2
    Oct 11 09:34:35 servidor sshd[4735]: Failed password for root from 80.53.84.18 port 26558 ssh2
    Oct 11 09:34:37 servidor sshd[4737]: Failed password for root from 80.53.84.18 port 26598 ssh2
    Oct 11 09:34:40 servidor sshd[4739]: Illegal user rolo from 80.53.84.18
    Oct 11 09:34:43 servidor sshd[4741]: Illegal user iceuser from 80.53.84.18
    Oct 11 09:34:46 servidor sshd[4743]: Illegal user horde from 80.53.84.18
    Oct 11 09:34:48 servidor sshd[4745]: Illegal user cyrus from 80.53.84.18
    Oct 11 09:34:51 servidor sshd[4747]: Illegal user www from 80.53.84.18
    Oct 11 09:34:54 servidor sshd[4749]: Illegal user wwwrun from 80.53.84.18
    Oct 11 09:34:57 servidor sshd[4751]: Illegal user matt from 80.53.84.18
    Oct 11 09:34:59 servidor sshd[4753]: Illegal user test from 80.53.84.18
    Oct 11 09:35:02 servidor sshd[4755]: Illegal user test from 80.53.84.18
    Oct 11 09:35:05 servidor sshd[4757]: Illegal user test from 80.53.84.18
    Oct 11 09:35:08 servidor sshd[4759]: Illegal user test from 80.53.84.18
    Oct 11 09:35:11 servidor sshd[4761]: Illegal user www-data from 80.53.84.18
    Oct 11 09:35:13 servidor sshd[4763]: Failed password for mysql from 80.53.84.18 port 27107 ssh2
    Oct 11 09:35:16 servidor sshd[4765]: Failed password for operator from 80.53.84.18 port 27148 ssh2
    Oct 11 09:35:19 servidor sshd[4767]: Failed password for adm from 80.53.84.18 port 27189 ssh2
    Oct 11 09:35:22 servidor sshd[4769]: Illegal user apache from 80.53.84.18
    Oct 11 09:35:24 servidor sshd[4771]: Illegal user irc from 80.53.84.18
    Oct 11 09:35:27 servidor sshd[4773]: Illegal user irc from 80.53.84.18
    Oct 11 09:35:30 servidor sshd[4775]: Failed password for adm from 80.53.84.18 port 27345 ssh2
    Oct 11 09:35:33 servidor sshd[4777]: Failed password for root from 80.53.84.18 port 27383 ssh2
    Oct 11 09:35:35 servidor sshd[4779]: Failed password for root from 80.53.84.18 port 27425 ssh2
    Oct 11 09:35:38 servidor sshd[4781]: Failed password for root from 80.53.84.18 port 27461 ssh2
    Oct 11 09:35:41 servidor sshd[4783]: Illegal user jane from 80.53.84.18
    Oct 11 09:35:44 servidor sshd[4785]: Illegal user pamela from 80.53.84.18
    Oct 11 09:35:46 servidor sshd[4787]: Failed password for root from 80.53.84.18 port 27579 ssh2
    Oct 11 09:35:49 servidor sshd[4789]: Failed password for root from 80.53.84.18 port 27618 ssh2
    Oct 11 09:35:52 servidor sshd[4791]: Failed password for root from 80.53.84.18 port 27658 ssh2
    Oct 11 09:35:55 servidor sshd[4793]: Failed password for root from 80.53.84.18 port 27696 ssh2
    Oct 11 09:35:58 servidor sshd[4795]: Failed password for root from 80.53.84.18 port 27733 ssh2
    Oct 11 09:36:00 servidor sshd[4797]: Illegal user cosmin from 80.53.84.18
    Oct 11 09:36:03 servidor sshd[4799]: Failed password for root from 80.53.84.18 port 27812 ssh2
    Oct 11 09:36:06 servidor sshd[4801]: Failed password for root from 80.53.84.18 port 27855 ssh2
    Oct 11 09:36:09 servidor sshd[4803]: Failed password for root from 80.53.84.18 port 27892 ssh2
    Oct 11 09:36:11 servidor sshd[4805]: Failed password for root from 80.53.84.18 port 27938 ssh2
    Oct 11 09:36:14 servidor sshd[4807]: Failed password for root from 80.53.84.18 port 27974 ssh2
    Oct 11 09:36:17 servidor sshd[4809]: Failed password for root from 80.53.84.18 port 28020 ssh2
    Oct 11 09:36:20 servidor sshd[4811]: Failed password for root from 80.53.84.18 port 28060 ssh2
    Oct 11 09:36:22 servidor sshd[4813]: Failed password for root from 80.53.84.18 port 28101 ssh2
    Oct 11 09:36:25 servidor sshd[4815]: Failed password for root from 80.53.84.18 port 28141 ssh2
    Oct 11 09:36:28 servidor sshd[4817]: Failed password for root from 80.53.84.18 port 28177 ssh2
    Oct 11 09:36:31 servidor sshd[4819]: Failed password for root from 80.53.84.18 port 28219 ssh2
    Oct 11 09:36:33 servidor sshd[4821]: Failed password for root from 80.53.84.18 port 28255 ssh2
    Oct 11 09:36:36 servidor sshd[4823]: Failed password for root from 80.53.84.18 port 28296 ssh2
    Oct 11 09:36:39 servidor sshd[4825]: Failed password for root from 80.53.84.18 port 28337 ssh2
    Oct 11 09:36:42 servidor sshd[4827]: Failed password for root from 80.53.84.18 port 28374 ssh2
    Oct 11 09:36:45 servidor sshd[4829]: Failed password for root from 80.53.84.18 port 28416 ssh2
    Oct 11 09:36:47 servidor sshd[4831]: Failed password for root from 80.53.84.18 port 28457 ssh2
    Oct 11 09:36:50 servidor sshd[4833]: Failed password for root from 80.53.84.18 port 28496 ssh2
    Oct 11 09:36:53 servidor sshd[4835]: Failed password for root from 80.53.84.18 port 28539 ssh2
    Oct 11 09:36:56 servidor sshd[4837]: Failed password for root from 80.53.84.18 port 28578 ssh2
    Oct 11 09:36:58 servidor sshd[4839]: Failed password for root from 80.53.84.18 port 28619 ssh2
    Oct 11 09:37:01 servidor sshd[4841]: Failed password for root from 80.53.84.18 port 28660 ssh2
    Oct 11 09:37:04 servidor sshd[4843]: Failed password for root from 80.53.84.18 port 28696 ssh2
    Oct 11 09:37:07 servidor sshd[4845]: Failed password for root from 80.53.84.18 port 28737 ssh2
    Oct 11 09:37:09 servidor sshd[4847]: Failed password for root from 80.53.84.18 port 28776 ssh2
    Oct 11 09:37:12 servidor sshd[4849]: Failed password for root from 80.53.84.18 port 28816 ssh2
    Oct 11 09:37:15 servidor sshd[4851]: Failed password for root from 80.53.84.18 port 28857 ssh2
    Oct 11 09:37:18 servidor sshd[4853]: Failed password for root from 80.53.84.18 port 28901 ssh2
    Oct 11 09:37:20 servidor sshd[4855]: Failed password for root from 80.53.84.18 port 28941 ssh2
    Oct 11 09:37:23 servidor sshd[4857]: Failed password for root from 80.53.84.18 port 28980 ssh2
    Oct 11 09:37:26 servidor sshd[4859]: Failed password for root from 80.53.84.18 port 29023 ssh2
    Oct 11 09:37:29 servidor sshd[4861]: Failed password for root from 80.53.84.18 port 29064 ssh2
    Oct 11 09:37:31 servidor sshd[4863]: Failed password for root from 80.53.84.18 port 29112 ssh2
    Oct 11 09:37:34 servidor sshd[4865]: Failed password for root from 80.53.84.18 port 29151 ssh2
    Oct 11 09:37:37 servidor sshd[4867]: Failed password for root from 80.53.84.18 port 29198 ssh2
    Oct 11 09:37:40 servidor sshd[4869]: Failed password for root from 80.53.84.18 port 29237 ssh2
    Oct 11 09:37:43 servidor sshd[4871]: Illegal user cip52 from 80.53.84.18
    Oct 11 09:37:45 servidor sshd[4873]: Illegal user cip51 from 80.53.84.18
    Oct 11 09:37:48 servidor sshd[4875]: Failed password for root from 80.53.84.18 port 29370 ssh2
    Oct 11 09:37:51 servidor sshd[4877]: Illegal user noc from 80.53.84.18
    Oct 11 09:37:54 servidor sshd[4879]: Failed password for root from 80.53.84.18 port 29454 ssh2
    Oct 11 09:37:56 servidor sshd[4881]: Failed password for root from 80.53.84.18 port 29494 ssh2
    Oct 11 09:37:59 servidor sshd[4883]: Failed password for root from 80.53.84.18 port 29542 ssh2
    Oct 11 09:38:02 servidor sshd[4885]: Failed password for root from 80.53.84.18 port 29576 ssh2
    Oct 11 09:38:05 servidor sshd[4887]: Illegal user webmaster from 80.53.84.18
    Oct 11 09:38:07 servidor sshd[4889]: Illegal user data from 80.53.84.18
    Oct 11 09:38:10 servidor sshd[4891]: Illegal user user from 80.53.84.18
    Oct 11 09:38:13 servidor sshd[4893]: Illegal user user from 80.53.84.18
    Oct 11 09:38:16 servidor sshd[4895]: Illegal user user from 80.53.84.18
    Oct 11 09:38:18 servidor sshd[4897]: Illegal user web from 80.53.84.18
    Oct 11 09:38:21 servidor sshd[4899]: Illegal user web from 80.53.84.18
    Oct 11 09:38:24 servidor sshd[4901]: Illegal user oracle from 80.53.84.18
    Oct 11 09:38:27 servidor sshd[4903]: Illegal user sybase from 80.53.84.18
    Oct 11 09:38:30 servidor sshd[4905]: Illegal user master from 80.53.84.18
    Oct 11 09:38:32 servidor sshd[4907]: Illegal user account from 80.53.84.18
    Oct 11 09:38:35 servidor sshd[4909]: Illegal user backup from 80.53.84.18
    Oct 11 09:38:38 servidor sshd[4911]: Illegal user server from 80.53.84.18
    Oct 11 09:38:41 servidor sshd[4913]: Illegal user adam from 80.53.84.18
    Oct 11 09:38:43 servidor sshd[4915]: Illegal user alan from 80.53.84.18
    Oct 11 09:38:46 servidor sshd[4917]: Illegal user frank from 80.53.84.18
    Oct 11 09:38:49 servidor sshd[4919]: Illegal user george from 80.53.84.18
    Oct 11 09:38:52 servidor sshd[4921]: Illegal user henry from 80.53.84.18
    Oct 11 09:38:55 servidor sshd[4923]: Illegal user john from 80.53.84.18
    Oct 11 09:38:57 servidor sshd[4925]: Failed password for root from 80.53.84.18 port 1430 ssh2
    Oct 11 09:39:00 servidor sshd[4927]: Failed password for root from 80.53.84.18 port 1476 ssh2
    Oct 11 09:39:03 servidor sshd[4929]: Failed password for root from 80.53.84.18 port 1513 ssh2
    Oct 11 09:39:06 servidor sshd[4931]: Failed password for root from 80.53.84.18 port 1556 ssh2
    Oct 11 09:39:09 servidor sshd[4933]: Failed password for root from 80.53.84.18 port 1594 ssh2
    Oct 11 09:39:12 servidor sshd[4935]: Illegal user test from 80.53.84.18

    olha só as inumeras tentativas..impressioante mesmo

  2. #22
    wrochal
    Amigos,

    Vou dar alguma dicas que aconselho.

    1. Mude a porta do ssh, por exemplo 9022
    /etc/ssh/sshd_config

    2. crie regra do iptables permitindo apenas o host que possa conectar

    iptables -A INPUT -s IP -p tcp --dport 9022 -j ACCEPT
    iptables -A INPUT -s 0/0 -p tcp --dport 9022 -j DROP

    3. Foi algo que fiz e achei interessante usar o poptop, aonde você conectar via protocolo pptp no linux e depois conectar via ssh, e claro permitir conexão do ssh apenas nos ips da VPN.

    4. Use o Portsentry para bloquear esses scans.

    Falou,



  3. o bom seria colocar no firewall para negar a porta 22 para ips fora da classe 200.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/16

    coisa do genero...
    ah.. filtro de icmp ajuda bastante!

  4. #24
    whinstonrodrigues
    Vcs vão me xingar, pq isto ranca muito mobilidade de vcs.. Mas eu largo o meu SSH fechadinho por iptables (22), só deixando liberado para IPs confiáveis, internos e externos.



  5. #25
    estanisgeyer
    O que também dá para fazer é mudar o sistema de autenticação através do PAM, trabalhando com o módulo PAM_TALLY, que conta o número de acessos fracassados e há a possibilidade de desabilitar o serviço para a origem por determinado tempo.






Tópicos Similares

  1. Respostas: 14
    Último Post: 13-12-2015, 15:53
  2. Respostas: 1
    Último Post: 06-12-2015, 09:39
  3. Ataque de spammer no Postfix . Help!
    Por fabiovb no fórum Servidores de Rede
    Respostas: 5
    Último Post: 21-11-2004, 22:39
  4. Alerta por E-mail no inicio de uma sessão SSH
    Por daniell no fórum Servidores de Rede
    Respostas: 2
    Último Post: 28-05-2004, 07:15
  5. Scan de Sistema no Suse 9.0
    Por Abutre no fórum Servidores de Rede
    Respostas: 0
    Último Post: 22-10-2003, 16:47

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L